Security policy and user awareness
-
Tip
20 May 2025
How to create a remote access policy, with template
Remote work, while beneficial, presents numerous security risks. Help keep your organization's systems safe with a remote access policy. Continue Reading
-
News
19 May 2025
Chinese cyber spooks lure laid-off US government workers
A Washington DC-based think tank has published evidence that Chinese intelligence services have been running a network of digital ‘front’ companies targeting laid-off government workers as recruits Continue Reading
-
News
15 May 2025
NHS asks suppliers to sign up to cyber covenant
NHS digital and security leaders call on their suppliers to commit to a cyber security charter as the health service works to improve its resilience in the face of growing threat levels Continue Reading
-
Feature
15 May 2025
Is IPSIE the game changer that SaaS security demands?
It started with an announcement in October 2024, and now it seems the vision of secure identity in the enterprise is becoming a reality. We look at the prospects for IPSIE Continue Reading
-
News
14 May 2025
Scattered Spider retail attacks spreading to US, says Google
Google’s threat intel analysts are aware of a number of in-progress cyber attacks against US retailers linked to the same Scattered Spider gang that supposedly attacked M&S and Co-op in the UK Continue Reading
-
Opinion
14 May 2025
It's time to get to grips with DORA
It's not really a surprise so many organisations missed the EU's DORE compliance deadline, but there's no excuse for delaying, says Azul EMEA VP James Johnston Continue Reading
-
News
14 May 2025
New security paradigm needed for IT/OT convergence
Industry leaders and policymakers highlight growing cyber threats from the integration of IT and operational technology systems, calling for collaboration and regulatory frameworks to protect critical systems, among other measures Continue Reading
-
News
13 May 2025
May Patch Tuesday brings five exploited zero-days to fix
Microsoft fixes five exploited, and two publicly disclosed, zero-days in the fifth Patch Tuesday update of 2025 Continue Reading
-
News
13 May 2025
Australian data breaches hit record high in 2024
More than 1,100 data breaches were reported in Australia last year, a 25% jump from 2023, prompting calls for stronger security measures across businesses and government agencies Continue Reading
-
News
08 May 2025
Government will miss cyber resiliency targets, MPs warn
A Public Accounts Committee report on government cyber resilience finds that the Cabinet Office has been working hard to improve, but is likely to miss targets and needs a fundamentally different approach Continue Reading
-
News
08 May 2025
Preparing for post-quantum computing will be more difficult than the millennium bug
The job of getting the UK ready for post-quantum computing will be at least as difficult as the Y2K problem, says National Cyber Security Centre CTO Ollie Whitehouse Continue Reading
-
News
08 May 2025
US tells CNI orgs to stop connecting OT kit to the web
US authorities have released guidance for owners of critical national infrastructure in the face of an undisclosed number of cyber incidents Continue Reading
-
News
08 May 2025
UK government websites to replace passwords with secure passkeys
Government websites are to replace difficult-to-remember passwords with highly secure passkeys that will protect against phishing and cyber attackers Continue Reading
-
News
07 May 2025
Europe leads shift from cyber security ‘headcount gap’ to skills-based hiring
Research from Sans Institute reveals European organisations are leading a global shift in hiring priorities, driven by regional regulatory frameworks Continue Reading
-
News
07 May 2025
Oxford Uni adds cyber resilience module to MBA programme
Oxford University’s Saïd Business School is working with cyber response specialist Sygnia to help future business leaders get on top of security Continue Reading
-
Opinion
06 May 2025
Unspoken risk: Human factors undermine trusted platforms
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error. Continue Reading
-
Feature
06 May 2025
Beyond the hook: How phishing is evolving in the world of AI
Phishing attacks are evolving. Gone are the days of clumsy, error-ridden emails that were easy to spot – today’s campaigns harness advanced techniques to bypass even the latest defences. A new approach is needed Continue Reading
-
Opinion
01 May 2025
Signalgate: Learnings for CISOs securing enterprise data
A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what CISOs can learn from this potentially fatal error Continue Reading
-
News
30 Apr 2025
Co-op shuts off IT systems to contain cyber attack
A developing cyber incident at Co-op has forced the retailer to pull the plug on some of its IT systems as it works to contain the attack Continue Reading
-
News
24 Apr 2025
M&S systems remain offline days after cyber incident
M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business Continue Reading
-
Opinion
24 Apr 2025
Challenges persist as UK’s Cyber Security and Resilience Bill moves forward
Elements of the Cyber Security and Resilience Bill are welcome but questions remain about how best to act in the face of persistent challenges like geopolitical chaos, threats to critical infrastructure, and technological advances Continue Reading
-
Opinion
23 Apr 2025
Rethink authentication to remove the burden on users
The rise of AI powered threats and non-human identities will push an already strained identity security model over the edge Continue Reading
-
News
23 Apr 2025
Financially motivated cyber crime remains biggest threat source
Mandiant’s latest annual threat report reveals data on how financially motivated cyber criminals, such as ransomware gangs, dominate the cyber security landscape Continue Reading
-
News
23 Apr 2025
Amid uncertainty, Armis becomes newest CVE numbering authority
Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities Continue Reading
-
News
22 Apr 2025
Cyber ‘agony aunts’ launch guidebook for women in security
Cyber ‘agony aunts’ Amelia Hewitt and Rebecca Taylor are launching a book aimed at empowering women in their cyber security careers Continue Reading
-
News
22 Apr 2025
Secure Future Initiative reveals Microsoft staff focus
IT security is now a metric in the Microsoft employee appraisal process Continue Reading
-
Opinion
22 Apr 2025
Beyond baselines - getting real about security and resilience
In an increasingly contested world, the UK government needs a security certification that goes beyond baseline measures. Continue Reading
-
News
17 Apr 2025
Tariff turmoil is making supply chain security riskier
Many businesses around the world are taking the decision to alter their supplier mix in the face of tariff uncertainty, but in doing so are creating more cyber risks for themselves, according to a report Continue Reading
-
Opinion
17 Apr 2025
Collaboration is the best defence against nation-state threats
The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation state industrial espionage? Continue Reading
-
News
16 Apr 2025
CISA extends Mitre CVE contract at last moment
The US Cybersecurity and Infrastructure Security Agency has ridden to the rescue of the under-threat Mitre CVE Programme, approving a last-minute, 11-month contract extension to preserve the project’s vital security vulnerability work Continue Reading
-
News
16 Apr 2025
CVE Foundation pledges continuity after Mitre funding cut
With news that Mitre’s contract to run the world-renowned CVE Programme is abruptly terminating, a breakaway group is setting up a non-profit foundation to try to ensure the project’s continuity Continue Reading
-
News
16 Apr 2025
Security leaders grapple with AI-driven threats
Experts warn of AI’s dual role in both empowering and challenging cyber defences, and called for intelligence sharing and the need to strike a balance between AI-driven innovation and existing security practices Continue Reading
-
News
15 Apr 2025
Mitre warns over lapse in CVE coverage
Mitre, the operator of the world-renowned CVE repository, has warned of significant impacts to global cyber security standards, and increased risk from threat actors, as it emerges its US government contract will lapse imminently Continue Reading
-
News
08 Apr 2025
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Two spyware variants are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities Continue Reading
-
Opinion
08 Apr 2025
DeepSeek will help evolve the conversation around privacy
The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation state industrial espionage? Continue Reading
-
Opinion
08 Apr 2025
It’s time to stop the victim-blaming and insist on safer software
Businesses spend too much time and money protecting themselves against flaws and vulnerabilities in modern software products, when they ought to raise their expectations and insist on better solutions from providers Continue Reading
-
News
07 Apr 2025
UK SMEs losing over £3bn a year to cyber incidents
A lack of access to technology, little to no staff training, and competing priorities are losing UK SMEs up to £3.4bn to cyber incidents every year Continue Reading
-
News
07 Apr 2025
NIST calls time on older vulnerabilities amid surging disclosures
The National Institute of Standards and Technology is deferring future updates to thousands of cyber vulnerabilities discovered prior to 2018 amid surging volumes of new submissions Continue Reading
-
News
04 Apr 2025
Norway and Nordic financial sector ramps up cyber security
Finans Norge sets up cyber security unit CTSU to support the finance sector in Norway amid increasing threats Continue Reading
-
Opinion
03 Apr 2025
Taking a ‘good enough’ approach with cloud security isn't enough
In the wake of the January 2025 'Codefinger' attacks against AWS S3 users, Thales Rob Elliss argues that many organisations are dropping the ball when it comes to their understanding of cloud security best practice Continue Reading
-
News
01 Apr 2025
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order
Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services Continue Reading
-
Opinion
28 Mar 2025
Countering nation-state cyber espionage: A CISO field guide
The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation state industrial espionage? Continue Reading
-
News
25 Mar 2025
ETSI launches first post-quantum encryption standard
European telco standards body launches its first post-quantum cryptography cyber standard, covering the security of critical data and communications Continue Reading
-
Opinion
24 Mar 2025
Will DeepSeek force us to take application security seriously?
The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation state industrial espionage? Continue Reading
-
News
21 Mar 2025
NCSC, DSIT enlist IBM to spearhead cyber diversity agenda
IBM signs on to a partnership deal in support of the popular NCSC CyberFirst Girls scheme designed to foster gender diversity in the cyber security profession Continue Reading
-
News
19 Mar 2025
Clop resurgence drives ransomware attacks in February
The exploitation of two new vulnerabilities in a popular file transfer service saw the Clop ransomware gang soar in February, according to NCC Continue Reading
-
E-Zine
18 Mar 2025
UK under-prepared for catastrophic cyber attack
In this week’s Computer Weekly, MPs have been told the UK is under-prepared to cope with a catastrophic cyber attack – we find out where the problems lie. Our new buyer’s guide assesses the challenges of datacentre capacity planning. And one of the UK’s most successful businessmen, Sir Martin Sorrell, gives his view on the risks and opportunities of AI. Read the issue now. Continue Reading
-
News
18 Mar 2025
Seaco charts course for unified security strategy
Shipping container leasing giant consolidates security tools onto a single platform, leveraging AI and extended detection and response to improve security operations Continue Reading
-
Opinion
14 Mar 2025
How CISOs can counter the threat of nation state espionage
The rise of DeepSeek has prompted the usual well-documented concerns around AI, but also raised worries about its potential links to the Chinese state. The Security Think Tank considers the steps security leaders can take to counter threats posed by nation state industrial espionage? Continue Reading
-
News
13 Mar 2025
SuperBlack ransomware may have ties to LockBit
Forescout researchers report on a new ransomware gang that appears to be keeping the legacy of the notorious LockBit crew alive Continue Reading
-
News
12 Mar 2025
iPhone, iPad update fixes critical WebKit flaw
iPhone and iPad users are advised to update their devices as Apple addresses an out-of-bounds write issue in the WebKit browser engine that appears to have been exploited in targeted cyber attacks Continue Reading
-
News
11 Mar 2025
March Patch Tuesday brings 57 fixes, multiple zero-days
The third Patch Tuesday of 2025 brings fixes for 57 flaws and a hefty number of zero-days Continue Reading
-
News
11 Mar 2025
Perimeter security appliances source of most ransomware hits
Perimeter security appliances and devices, particularly VPNs, prove to be the most popular entry points into victim networks for financially motivated ransomware gangs, according to reports Continue Reading
-
News
11 Mar 2025
Dutch police disrupt half of ransomware operations, finds embedded PHD student
Dutch PhD study reveals the impact of centralised intelligence and strategic interventions in the fight against ransomware Continue Reading
-
News
11 Mar 2025
Post Office scandal data leak interim compensation offers made
Some subpostmasters affected by Post Office data breach offered interim compensation payments Continue Reading
-
News
11 Mar 2025
Singapore IT leaders boost AI security defences
Study reveals a surge in perceived importance of artificial intelligence for cyber security in Singapore, but declining investment in traditional measures raises concerns as sophisticated cyber attacks intensify Continue Reading
-
News
10 Mar 2025
How CISOs are tackling cyber security challenges
Security chiefs at the recent Gartner Security and Risk Management Summit in Sydney share insights on navigating board communication, organisational resilience and the importance of understanding business needs Continue Reading
-
News
07 Mar 2025
Managing security in the AI age
Gartner experts offer guidance on harnessing AI’s power while mitigating its risks, from managing shadow AI to implementing security controls and policies Continue Reading
-
News
06 Mar 2025
UK cyber security damaged by ‘clumsy Home Office political censorship’
Britain’s National Cyber Security Centre secretly censors computer security guidance and drops references to encryption Continue Reading
-
Feature
06 Mar 2025
Norway says ‘no way’ to global financial crime
Oslo’s startup ecosystem is fighting back against cyber criminals with tech to wipe out attacks rather than just detect them Continue Reading
-
News
05 Mar 2025
NHS investigating how API flaw exposed patient data
NHS patient data was left vulnerable by a flaw in an application programming interface used at online healthcare provider Medefer Continue Reading
-
Blog Post
04 Mar 2025
Relaunching Neighbourhood Watch for the Internet Age
Neighbourhood Watch became became by far the UK's largest community support movement during Covid - albeit cover is patchy. Across England and Wales it embraces 9% of household but that ranges from ... Continue Reading
-
News
04 Mar 2025
Aussie businesses ramp up security spending
Australian organisations are set to spend A$6.2bn on security and risk management in 2025, a 14.4% jump from the previous year, driven by the rise of AI and a growing threat landscape Continue Reading
-
News
03 Mar 2025
Singapore’s HomeTeamNS hit by ransomware attack
The non-profit organisation suffered a ransomware attack that affected some servers containing employee and member data, prompting an investigation and enhanced security measures Continue Reading
-
News
01 Mar 2025
Ransomware: from REvil to Black Basta, what do we know about Tramp?
This key member of the Black Basta ransomware gang is wanted by the US justice system. He narrowly escaped extradition at the end of June 2024 - with the help of highly-placed contacts in Moscow, according to him Continue Reading
-
News
28 Feb 2025
NHS staff lack confidence in health service cyber measures
NHS staff understand their role in protecting the health service from cyber threats and the public backs them in this aim, but legacy tech and a lack of training are hindering efforts, according to BT Continue Reading
-
Opinion
27 Feb 2025
Secure software: Third-party suppliers your first-party risk
Outgoing CISA chief Jen Easterly called on buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what best practice for secure software procurement looks like in 2025 Continue Reading
-
News
27 Feb 2025
CVE volumes head towards 50,000 in 2025, analysts claim
Many trends, notably a big shift to open source tools, are behind an expected boom in the number of disclosed vulnerabilities Continue Reading
-
News
26 Feb 2025
CISOs spending more on insider risk
Insider risk management budgets have more than doubled in the past 12 months and look set to grow further still in 2025, according to a report Continue Reading
-
Opinion
25 Feb 2025
Reflecting on three years of cyber warfare in Ukraine
With the third anniversary of Russia's illegal invasion of Ukraine passing this week, Charl Van Der Walt reflects on how the cyber threat landscape in Europe has changed since 2022 Continue Reading
-
News
25 Feb 2025
Ransomware: on the murky trail of one of the leaders of Black Basta
The internal exchanges within the Black Basta group revealed last week offer a new opportunity to investigate one of its leaders: Tramp. He may have been arrested in Armenia in June 2024, before being released Continue Reading
-
News
24 Feb 2025
European Union calls for more cyber data-sharing with Nato
Updates to the EU’s Cyber Blueprint, establishing best practice for multilateral security incident response in Europe, include calls for more collaboration with Nato member states, as the geopolitical environment becomes ever more fractious Continue Reading
-
Opinion
24 Feb 2025
UK businesses should look to Ireland amid EU cyber security overhaul
With a flourishing technology sector and a direct line to Brussels, investing in Ireland may be a sound bet for UK organisations looking to navigate Europe's transforming cyber landscape. Continue Reading
-
News
23 Feb 2025
Check Point co-founder on AI, quantum and independence
Gil Shwed, Check Point’s co-founder and executive chairman, discusses the company’s focus on artificial intelligence-driven security and his commitment to remaining an independent force in the cyber security market Continue Reading
-
Opinion
16 Feb 2025
How to get employees to take cyber risk more seriously
To combat risky cyber security behaviour, organisations must move beyond awareness training and cultivate a culture where security violations are personally felt and socially unacceptable, leveraging existing values, real-world impacts, and even humour Continue Reading
-
News
14 Feb 2025
Gartner: CISOs struggling to balance security, business objectives
Only 14% of security leaders can ‘effectively secure organisational data assets while also enabling the use of data to achieve business objectives’, according to Gartner Continue Reading
-
News
14 Feb 2025
Lenovo CSO: AI adoption fuels security paranoia
Doug Fisher, Lenovo’s chief security officer, outlines the company’s approach to security and AI governance, and the importance of having a strong security culture to combat cyber threats amplified by the use of AI Continue Reading
-
News
11 Feb 2025
Google: Cyber crime meshes with cyber warfare as states enlist gangs
A report from the Google Threat Intelligence Group depicts China, Russia, Iran and North Korea as a bloc using cyber criminal gangs to attack the national security of western countries Continue Reading
-
Definition
11 Feb 2025
What is information security management system (ISMS)?
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. Continue Reading
-
Opinion
07 Feb 2025
Secure software procurement in 2025: A call for accountability
Outgoing CISA chief Jen Easterly called on buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what best practice for secure software procurement looks like in 2025. Continue Reading
-
News
07 Feb 2025
US lawmakers move to ban DeepSeek AI tool
US politicians have introduced a bill seeking to ban the use of the DeepSeek AI tool on government-owned devices, citing national security concerns due to its alleged links to the Chinese state Continue Reading
-
Blog Post
07 Feb 2025
Sharp Europe's Bold Ambitions in the IT Services Sector
Building on a 113-year legacy, Sharp Europe is transforming itself into a leading European IT services provider. Strategic acquisitions are playing a key role in this growth which has enabled the ... Continue Reading
-
Opinion
04 Feb 2025
“Unsafe At Any Speed”. Comparing automobiles to code risk
Outgoing CISA chief Jen Easterly called on buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what best practice for secure software procurement looks like in 2025. Continue Reading
-
News
03 Feb 2025
Government sets out cyber security practice code to stoke AI growth
The government has set out a cyber security code of practice for developers to follow when building AI products Continue Reading
-
Opinion
03 Feb 2025
Vigilant buyers are the best recipe for accountable suppliers
In January 2025, outgoing CISA chief Jen Easterly called on IT buyers to demand better security standards from their software suppliers. The Security Think Tank considers what better means, and what does best practice for secure software procurement looks like in 2025. Continue Reading
-
News
03 Feb 2025
DeepSeek-R1 more readily generates dangerous content than other large language models
Research scientists at cyber firm Enkrypt AI publish concerning findings from a red team exercise conducted against DeepSeek, the hot new generative AI tool Continue Reading
-
News
31 Jan 2025
AI jailbreaking techniques prove highly effective against DeepSeek
Researchers at Palo Alto have shown how novel jailbreaking techniques were able to fool breakout GenAI model DeepSeek into helping to create keylogging tools, steal data, and make a Molotov cocktail Continue Reading
-
Opinion
31 Jan 2025
Can security operations ever be fully autonomous?
Focusing on targeted improvements, not full automation, is key to scaling security operations with AI Continue Reading
-
News
29 Jan 2025
How government hackers are trying to exploit Google Gemini AI
Google’s threat intel squad has shared information on how nation state threat actors are attempting to exploit its Gemini AI tool for nefarious ends Continue Reading
-
News
29 Jan 2025
Vallance rejects latest charge to reform UK hacking laws
Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit Continue Reading
-
News
28 Jan 2025
NAO: UK government cyber resilience weak in face of mounting threats
The National Audit Office has found UK government cyber resilience wanting, weakened by legacy IT and skills shortages, and facing mounting threats Continue Reading
-
Opinion
28 Jan 2025
Your first steps to improve international compliance
The Computer Weekly Security Think Tank considers how security leaders should best navigate the multitude of new national and multinational regulations affecting their work, and ensure their organisations remain compliant and protected Continue Reading
-
News
27 Jan 2025
Inside CyberArk’s security strategy
CyberArk CIO Omer Grossman talks up the company’s security-first ethos, the importance of an assumed breach mentality and how the company is addressing threats from the growing use of AI Continue Reading
-
News
24 Jan 2025
CISOs boost board presence by 77% over two years
A global research study, from Splunk and Oxford Economics, into how chief information security officers interact with boards finds greater participation but enduring gaps Continue Reading
-
News
23 Jan 2025
ICO launches major review of cookies on UK websites
ICO sets out 2025 goals, including a review of cookie compliance across the UK’s top 1,000 websites, as it seeks to achieve its ultimate goal of giving the public meaningful control over how their data is used Continue Reading
-
News
22 Jan 2025
Privacy professionals expect budget cuts, lack confidence
Over 50% of privacy professionals in Europe expect to see less money earmarked for data security initiatives in 2025, and many don’t have faith their organisations are taking the issue seriously, according to an ISACA report Continue Reading
-
News
22 Jan 2025
Funksec gang turned up ransomware heat in December
The criminal ransomware fraternity was hard at work over the festive period, with attack volumes rising and a new threat actor emerging on the scene Continue Reading
-
News
16 Jan 2025
Biden signs new cyber order days before Trump inauguration
With days left in the White House, outgoing US president Joe Biden has signed a wide-ranging cyber security executive order with far-reaching implications Continue Reading
-
News
16 Jan 2025
Almost half of UK banks set to miss DORA deadline
A significant minority of financial services organisations in the UK will not be fully compliant with the EU’s DORA cyber and risk management regulation when it comes into force on 17 January Continue Reading
-
News
15 Jan 2025
Users protest, flee TikTok as clock ticks on US ban
As the US Supreme Court prepares to rule on the future of TikTok, rumours of a sale are swirling around Washington DC while panicked users make plans for an exodus Continue Reading
-
News
15 Jan 2025
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws Continue Reading
-
News
13 Jan 2025
UK government plans to extend ransomware payment ban
A ban on ransomware payments by UK government departments will be extended to cover organisations such as local councils, schools and the NHS should new government proposals move forward Continue Reading